package com.chint.springboot.config;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.filter.OncePerRequestFilter;

import java.io.IOException;

@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfig{

    private final JwtRequestFilter jwtRequestFilter;
    private final JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;








 /*   @Bean
    public SecurityFilterChain securityFilterChain2(HttpSecurity http) throws Exception {
        http
                // 关闭 CSRF
                .csrf(csrf -> csrf.disable())
                // 不通过 Session 获取 SecurityContext
                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .authorizeHttpRequests(authorize -> authorize
                        // 对于登录接口，允许匿名访问
                      //  .requestMatchers("/user/login").permitAll()
                        // 注销接口需要认证才能访问
                        // .requestMatchers("/logout").authenticated()
                        .requestMatchers("/user/home").authenticated()
                        .requestMatchers("/home.html").permitAll()
                        // .requestMatchers("/user/userInfo").authenticated()
                        // .requestMatchers("/upload").authenticated()
                        // 除上面外的所有请求全部需要认证
                        .anyRequest().permitAll()//.authenticated()
                )
                // 配置异常处理器
*//*                .exceptionHandling(exception -> exception
                        .authenticationEntryPoint(authenticationEntryPoint)
                        .accessDeniedHandler(accessDeniedHandler)
                )*//*
                // 关闭默认的注销功能
                .logout(logout -> logout.disable())
                // 把 jwtAuthenticationTokenFilter 添加到 Spring Security 的过滤器链中
                .addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class)
                // 允许跨域
                .cors(cors -> cors.disable()); // 如果需要启用跨域，可以配置 cors 配置

        return http.build();
    }*/

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
        httpSecurity .csrf(csrf -> csrf.disable()) // 禁用 CSRF 保护
                .authorizeHttpRequests(authorizeRequests ->
                        authorizeRequests
                               //.requestMatchers("/login/**","/css/**",
                               //        "/img/**", "/js/**", "/vant/**",
                               //        "/element-ui/**", "/fonts/**",
                               //        "/static/img/background.jpg").anonymous()//.permitAll() // 允许所有用户访问

                                .anyRequest().permitAll()//.authenticated() // 其他所有请求都需要认证
                )
                .exceptionHandling(exceptionHandling ->
                        exceptionHandling
                                .authenticationEntryPoint(jwtAuthenticationEntryPoint) // 自定义未授权处理
                )
                .sessionManagement(sessionManagement ->
                        sessionManagement
                                .sessionCreationPolicy(SessionCreationPolicy.STATELESS) // 无状态会话管理
                )
                .addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class); // 添加 JWT 请求过滤器


        return httpSecurity.build();
    }


}
